Viruses

Yyza Ransomware is an encryption virus, that locks files on a computer and demands payment from the victim to restore access to the files. It is part of the notorious STOP/Djvu ransomware family. The malware is spread through malicious files disguised as freeware, key generators, and hacked games, which are commonly found on file-sharing and torrent sites. Once installed, Yyza encrypts all files on the victim’s computer, adding the .yyza extension to the filenames. Yyza Ransomware uses a file encryption method that is currently unbreakable without the decryption key. yza Ransomware creates a ransom note named _readme.txt. The note instructs the victim to pay a specified amount for a decryption key that can unlock their files. Our instructions below may help you remove malware and recover the files.

CryBaby Ransomware is a type of malware that encrypts data on a computer and demands payment for the decryption of the files. CryBaby Ransomware was discovered by researchers while inspecting new submissions to the VirusTotal website. CryBaby Ransomware is classified as ransomware because it encrypts data and demands payment for the decryption. CryBaby Ransomware adds the .lockedbycrybaby extension to the filenames of encrypted files. For example, a file originally named 1.jpg appears as 1.jpg.lockedbycrybaby, 2.png as 2.png.lockedbycrybaby, and so on. CryBaby Ransomware uses encryption to lock the files on a computer. The encryption method used by CryBaby Ransomware is not discovered. After the encryption process is concluded, CryBaby Ransomware displays a ransom note in a pop-up window. The ransom note contains instructions on how to pay the ransom and obtain the decryption key.

Popn Ransomware is a harmful virus that encrypts files on a victim's computer and demands payment in exchange for the decryption key. It belongs to the STOP/Djvu ransomware family and is usually distributed through malicious websites, spam emails, fake software cracks, or by exploiting vulnerabilities in the operating system and installed programs. Once the ransomware is downloaded and executed, it initiates the encryption process on the victim's system, irrespective of the distribution method. Cybercriminals employ a wide range of file types, including PDFs, Microsoft Office documents, and more. Popn appends .popn extensions to files and utilizes a file renaming pattern, transforming files such as 1.jpg into 1.jpg.popn, 2.png into 2.png.popn etc. The ransomware generates a ransom note called _readme.txt that instructs the victims to pay a specific amount to receive a decryption key to restore access to their files. Failing to meet the payment deadline might result in the irreversible loss of the compromised data.

Krize Ransomware is a type of malware that encrypts files on a victim's computer and demands a ransom payment in exchange for the decryption key. Krize Ransomware was discovered by the PCrisk team while examining samples uploaded to the VirusTotal platform. Krize Ransomware appends the .krize extension to filenames. Krize Ransomware uses encryption to lock the victim's files and demands a ransom payment in exchange for the decryption key. Since Krize Ransomware is a relatively new ransomware, security software developers have not yet found a way to reverse its work. Krize Ransomware creates a file named leia_me.txt containing a ransom note in each directory containing encrypted files. The ransom note contains instructions on how to pay the ransom and a warning that it is impossible to decrypt the files without the decryption key.

Pouu Ransomware (subtype of STOP Ransomware) continues its malicious activity in the end of January 2023, and now adding .pouu extensions to encrypted files. The malware aims most important and valuable files: photos, documents, databases, videos, archives and encrypts them using AES-256 algorithms. Encrypted files become unusable and cybercriminals start extorting ransom. If the hacker server is unavailable (the PC is not connected to the Internet, the server itself does not work), then the encrypter uses the key and identifier that is hard-coded in it and performs offline encryption. In this case, it will be possible to decrypt the files without paying the ransom. Pouu Ransomware creates _readme.txt file, that is called "ransom note", on the desktop and in the folders with encrypted files. Developers use the following e-mails for contact: support@freshmail.top and datarestorehelp@airmail.cc.

BIDON Ransomware is a new variant of the MONTI Ransomware. It is a type of malware that encrypts files and demands payment for their decryption. BIDON Ransomware infects computers through phishing emails using social engineering, malvertising, and exploit kits. Once it infects a computer, it adds the .PUUUK extension to the filenames of encrypted files. BIDON Ransomware uses a symmetric cryptographic algorithm to encrypt files. It creates a ransom note named readme.txt that informs the victim that their data has been encrypted and demands payment for its decryption. Unfortunately, there are currently no free decryption tools available for BIDON Ransomware. However, using instructions and tools from this article you will be able to recover your data fully or partially. Below you can get acquainted with the text from the ransom note of this ransomware.

Poaz is a dangerous ransomware, that belongs to the Djvu family. It is a file-encrypting virus that encrypts files on the victim's computer and demands payment in exchange for a key and a decryptor that can restore access to the files. Poaz ransomware employs an RSA encryption algorithm, rendering all files inaccessible to the user. The ransomware manipulates the file structure through the use of advanced encryption techniques, making it inaccessible without the decryption key. It alters the names of the encrypted files by appending the .poaz extension. Encrypted files can be identified by this distinct extension, which makes them inaccessible and unusable. The ransomware generates a ransom note, a text file named _readme.txt, that provides instructions on how to make the payment and also often includes threats of data loss or ransom amounts surge if the demands are not met within a specified timeframe. The ransom note is dropped at every location where encrypted files are located.

LOCK2023 Ransomware is a type of malware that encrypts various files stored on a computer system. It is a new variant of another ransomware known as CONTI. LOCK2023 Ransomware infiltrates systems via 'trojans'. Once infiltration is successful, this malware encrypts various files stored on the system. To achieve this, ransomware uses the AES-256 encryption algorithm and, therefore, a public and a private key is generated during encryption. LOCK2023 Ransomware appends the .LOCK2023 extension to filenames. For example, it renames 1.jpg to 1.jpg.LOCK2023, 2.png to 2.png.LOCK2023, and so forth. LOCK2023 Ransomware creates a ransom note named README.txt. The ransom note provides instructions on how to pay the ransom to decrypt the files.